Original Release Date: 9/17/2020
Between Friday, September 11 and Monday, September 14, 2020, at least 1,904 Magento e-commerce sites were compromised in the largest known automated Magento hack. The Magecart attacks, in which malicious code is injected into the checkout pages of online stores and payment card data is stolen, were largely conducted against Magento version 1 sites, which are no longer supported. Additionally, there is speculation that a zero-day vulnerability may have facilitated the attacks.
The NJCCIC highly recommends that Magento sites upgrade to version 2, and that all e-commerce sites block access to sensitive information entered into web forms and to stored cookies, granting only in-house developed scripts access to sensitive data. Online customers are encouraged to use credit cards rather than debit cards when shopping online, as credit cards often carry better consumer fraud protections. Additionally, customers can enable payment charge notifications, which make it easier to spot fraudulent transactions. More information on the recent Magecart campaign against Magento sites can be found in the Sansec research post.
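One way to enforce the "only in-house developed scripts" recommendation is a Content-Security-Policy header that allow-lists the store's own script origins and restricts where forms may submit, plus a routine audit of the checkout page's script sources against that same allow-list. The advisory does not name a specific mechanism; the Node.js script below is an added illustration, not code from the NJCCIC or from Sansec. All hostnames (shop.example-store.test, static.example-store.test, cdn.not-our-host.test) and the sample checkout HTML are constructed for the example.

```javascript
// Added example: build a CSP header that allow-lists only first-party script
// origins, and audit a checkout page's <script> sources against that list.
// Every origin and the sample HTML below are hypothetical/constructed.
const ALLOWED_SCRIPT_ORIGINS = [
  "'self'",
  "https://static.example-store.test", // hypothetical first-party asset host
];

// Build the CSP header value. Scripts may load only from the allow-list and
// inline scripts are not permitted (no 'unsafe-inline'), so a skimmer injected
// into the page body or loaded from a third-party host is blocked. form-action
// and connect-src are pinned to the store itself so captured card data cannot
// be posted to an attacker-controlled host. Violations are reported to
// /csp-report (hypothetical endpoint) for monitoring.
function buildCspHeader(allowedOrigins) {
  return [
    "default-src 'self'",
    `script-src ${allowedOrigins.join(' ')}`,
    "form-action 'self'",
    "connect-src 'self'",
    "report-uri /csp-report",
  ].join('; ');
}

// Pull every src attribute out of <script> tags in raw HTML.
function extractScriptSources(html) {
  const re = /<script\b[^>]*\bsrc=["']([^"']+)["'][^>]*>/gi;
  const sources = [];
  let match;
  while ((match = re.exec(html)) !== null) sources.push(match[1]);
  return sources;
}

// Return script sources whose origin is not on the allow-list. Relative and
// protocol-relative URLs are resolved against the page origin, and 'self' is
// mapped to that origin, so a first-party relative path is not flagged.
function findUnexpectedScripts(html, allowedOrigins, pageOrigin) {
  const allowed = new Set(
    allowedOrigins.map((o) => (o === "'self'" ? pageOrigin : o))
  );
  return extractScriptSources(html).filter((src) => {
    const url = new URL(src, pageOrigin);
    return !allowed.has(url.origin);
  });
}

// Constructed sample checkout page: two first-party scripts and one script
// loaded from a host that is not on the allow-list.
const SAMPLE_CHECKOUT_HTML = `
<html><head>
<script src="/static/js/checkout.js"></script>
<script src="https://static.example-store.test/js/payment.js"></script>
<script src="https://cdn.not-our-host.test/jquery.min.js"></script>
</head><body><form action="/checkout/submit"></form></body></html>`;

const PAGE_ORIGIN = 'https://shop.example-store.test'; // hypothetical storefront

if (typeof module !== 'undefined' && require.main === module) {
  console.log('Content-Security-Policy: ' + buildCspHeader(ALLOWED_SCRIPT_ORIGINS));
  console.log('Unexpected scripts:',
    findUnexpectedScripts(SAMPLE_CHECKOUT_HTML, ALLOWED_SCRIPT_ORIGINS, PAGE_ORIGIN));
}
```

The audit function is the detection half: run it against a fetched copy of the live checkout page on a schedule, and any script source that is not on the allow-list is a signal worth an alert, whether it arrived through a compromised extension, a modified template, or a database-stored block. The CSP header is the mitigation half; deploy it in report-only mode first so legitimate in-house assets can be added to the allow-list before enforcement.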